292 matches found
itech TrainSmart r1044 SQL Injection
Exploit Title: itech TrainSmart r1044 - SQL injection Date: 03.02.2023 Exploit Author: Adrian Bondocea Software Link: https://sourceforge.net/p/trainsmart/code/HEAD/tree/code/ Version: TrainSmart r1044 Tested on: Linux CVE : CVE-2021-36520 SQL injection vulnerability in itech TrainSmart r1044...
itech TrainSmart r1044 - SQL injection Vulnerability
Exploit Title: itech TrainSmart r1044 - SQL injection Exploit Author: Adrian Bondocea Software Link: https://sourceforge.net/p/trainsmart/code/HEAD/tree/code/ Version: TrainSmart r1044 Tested on: Linux CVE : CVE-2021-36520 SQL injection vulnerability in itech TrainSmart r1044 allows remote...
PT-2023-2751 · Fortinet · Fortiadc
Name of the Vulnerable Software and Affected Versions: Fortinet FortiADC versions 7.2.0 and prior to 7.1.1 Description: A relative path traversal issue allows a privileged attacker to delete arbitrary directories from the underlying file system via crafted CLI commands. This issue is related to...
Security Bulletin: IBM® Db2® may be vulnerable to a denial of service when executing a specially crafted 'Load' command. (CVE-2022-43929)
Summary IBM® Db2® may be vulnerable to a denial of service when executing a specially crafted 'Load' command. Vulnerability Details CVEID:CVE-2022-43929 DESCRIPTION: IBM Db2 may be vulnerable to a Denial of Service when executing a specially crafted 'Load' command. CVSS Base score: 6.2 CVSS...
CVE-2023-25602
A stack-based buffer overflow in Fortinet FortiWeb 6.4 all versions, FortiWeb versions 6.3.17 and earlier, FortiWeb versions 6.2.6 and earlier, FortiWeb versions 6.1.2 and earlier, FortiWeb versions 6.0.7 and earlier, FortiWeb versions 5.9.1 and earlier, FortiWeb 5.8 all versions, FortiWeb 5.7 al...
SUSE CVE-2007-3381
The GDM daemon in GNOME Display Manager GDM before 2.14.13, 2.16.x before 2.16.7, 2.18.x before 2.18.4, and 2.19.x before 2.19.5 does not properly handle NULL return values from the gstrsplit function, which allows local users to cause a denial of service persistent daemon crash via a crafted...
SUSE CVE-2011-2964
foomaticrip.c in foomatic-rip in foomatic-filters in Foomatic 4.0.6 allows remote attackers to execute arbitrary code via a crafted FoomaticRIPCommandLine field in a .ppd file, a different vulnerability than CVE-2011-2697...
SUSE CVE-2021-36493
Buffer Overflow vulnerability in pdfimages in xpdf 4.03 allows attackers to crash the application via crafted command...
CVE-2021-36493
Buffer Overflow vulnerability in pdfimages in xpdf 4.03 allows attackers to crash the application via crafted command...
CVE-2021-36493
Buffer Overflow vulnerability in pdfimages in xpdf 4.03 allows attackers to crash the application via crafted command...
UBUNTU-CVE-2021-36493
Buffer Overflow vulnerability in pdfimages in xpdf 4.03 allows attackers to crash the application via crafted command...
Buffer overflow
Buffer Overflow vulnerability in pdfimages in xpdf 4.03 allows attackers to crash the application via crafted command...
Command Injection
github.com/rancher/wrangler is vulnerable to Command Injection attacks. An attacker is able to change the library's behavior and cause confusion when a specially crafted command is executed through Git, because it uses the underlying Git binary present on the host OS or container image...
CVE-2021-36493
Buffer Overflow vulnerability in pdfimages in xpdf 4.03 allows attackers to crash the application via crafted command...
CVE-2021-36493
Buffer Overflow vulnerability in pdfimages in xpdf 4.03 allows attackers to crash the application via crafted command...
Cisco FirePOWER Software for ASA FirePOWER Module Command Injection Vulnerability
A vulnerability in the CLI parser of Cisco FirePOWER Software for Adaptive Security Appliance ASA FirePOWER module could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected ASA FirePOWER module as the root user. This vulnerabilit...
Arbitrary file deletion
Specially-crafted command line arguments can lead to arbitrary file deletion in the del .cnt|.log file delete command. An attacker can provide malicious inputs to trigger this vulnerability...
A NULL pointer dereference in Busybox's hush applet leads to denial of service when processing a crafted shell command due to missing validation after a \x03 delimiter character. This may be used for DoS under very rare conditions of filtered command input.
...
DEBIAN-CVE-2021-42376
A NULL pointer dereference in Busybox's hush applet leads to denial of service when processing a crafted shell command, due to missing validation after a \x03 delimiter character. This may be used for DoS under very rare conditions of filtered command input...
Cisco Firepower Threat Defense Software Command File Overwrite (cisco-sa-ftd-file-overwrite-XknRjGdB)
According to its version and configuration, the Cisco Firepower Threat Defense FTD Software running on the remote device is affected by a file overwrite vulnerability due to insufficient validation of user input. An authenticated, local attacker can exploit this, by logging in and issuing a craft...